Posts tagged "security"
4 posts
- UNC Paths as a Covert Exfiltration Channel in AI Coding Agents
  What if a prompt-injected agent could use safe, read-only tools to silently exfiltrate your secrets? Data exfiltration from AI coding agents is a well-documented attack class. Johann Rehberger (embracethered)...
- When the WAF Blocks Everything: SQL Injection with Only Math
  Recently I came across an interesting bug bounty target where I found some nice, classic SQL injection, but none of the WAF bypasses known to me worked. So I asked...
- Caught in the Hook... or just API key exfiltration:
  In my previous post, I explained the concept of the folder trust gap in AI agents. And today someone released a new article which describes such vulnerabilities in Claude Code....
- The Trust Gap: Your AI Agent Is Running Code Before It Asks Permission
  What is the threat model of an AI agent that operates in your terminal? One of the first things that happens when you type claude/codex/copilot/gemini in your terminal is that...